Screencasts: On-screen demonstrations of security tools

by SearchSecurity.com Staff

SearchSecurity.com's screencast series allows top experts to demonstrate popular information security tools and techniques, including tools for vulnerability scanning, network auditing, security reviews and more.

By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

In our monthly screencast series, SearchSecurity's best experts will walk you through today's popular information security tools, explaining what they do and how to use them.

Something missing from our list? If you're looking for an on-screen demonstration of a particular free or open source security or compliance tool that hasn't been featured in our screencast series yet, email us your suggestions.

Screencasts:

BeEF Project How to use BeEF, a free penetration testing framework Keith Barker of CBT Nuggets shows how to use the BeEF Project, a free penetration testing framework, to train employees.

BlackStratus LOGStormHow to use BlackStratus LOGStorm, a free log management tool Keith Barker of CBT Nuggets demonstrates how to use LOGStorm, a free log management system from BlackStratus that organizes and prioritizes enterprise log data.

TripWire SecureScan How to use TripWire SecureScan, a free vulnerability scanning tool Keith Barker of CBT Nuggets demonstrates how to use TripWire SecureScan, an easy-to-use scanning tool that detects vulnerabilities and identifies servers that are susceptible to Heartbleed.

KismetHow to use Kismet: A free Wi-Fi network-monitoring toolKeith Barker of CBT Nuggets demonstrates how to use Kismet, a wireless network detector, sniffer and intrusion-detection system. Kismet allows a user to see a list of existing networks and details about each one.

CrowdResponse Gathering forensic data with CrowdResponseKeith Barker of CBT Nuggets demonstrates how to use CrowdResponse, a Windows command-line application created by security vendor CrowdStrike, which helps gather detailed information for incident response efforts.

Prey How to use Prey tracking software to mitigate enterprise BYOD risks Keith Barker of CBT Nuggets shows how to use Prey to track missing Windows and Mac laptops, as well as smartphones and tablets running iOS and Android.

AxCrypt AxCrypt tutorial: How to use AxCrypt for simple file encryptionKeith Barker of CBT Nuggets provides an AxCrypt tutorial, showing how it makes simple file encryption possible for the average user.

OpenPuff How to use OpenPuff steganography to send sensitive info securelyKeith Barker of CBT Nuggets explains how to use OpenPuff to hide encrypted data in other files when being sent. OpenPuff is a free tool that gives practically any organization the ability to utilize steganography.

W3af W3af tutorial: How to use w3af for a Web application security scanKeith Barker of CBT Nuggets provides a w3af tutorial, showing how w3af's many plug-ins can be used to conduct a thorough Web application security scan.

REMnux How to analyze malware with REMnux's reverse-engineering malware toolsKeith Barker of CBT Nuggets demonstrates how just a few of the hundreds of tools in REMnux can be used for reverse-engineering malicious software.

Nikto How to use Nikto to scan for Web server vulnerabilitiesKeith Barker of CBT Nuggets provides a brief Nikto tutorial. Learn how to use Nikto to find vulnerabilities, misconfigurations and outdated software versions on Web servers.

Security Onion Security Onion tutorial: Analyze network traffic using Security OnionKeith Barker of CBT Nuggets provides a Security Onion tutorial, demonstrating how even the most budget-conscious organizations can analyze network traffic using the likes of Squil, Snorby and ELSA.

SplunkSplunk tutorial demonstrates how to use Splunk for security In this SearchSecurity.com screencast, Keith Barker, CISSP and trainer for CBT Nuggets, provides a tutorial of Splunk to exhibit how to use Splunk for security. Keith analyzes the features available in the free version of Splunk, including a powerful set of predefined searches that can be tweaked to achieve specific results.

ZenmapZenmap tutorial: Mapping networks using Zenmap profiles In this SearchSecurity.com screencast, Keith Barker, CISSP and trainer for CBT Nuggets LLC, walks users through a Zenmap tutorial. He'll provide a brief overview of Zenmap before delving into all that Zenmap's predefined profiles offer. Keith will also divulge one of the features that sold him on Zenmap's uses: its graphical network topology generator.

WiresharkHow to use Wireshark to detect and prevent ARP spoofing In this SearchSecurity.com screencast, Keith Barker, CISSP and trainer for CBT Nuggets, instructs viewers on how to use Wireshark to detect and prevent Address Resolution Protocol (ARP) spoofing attacks. ARP duplicate IP address detection is already turned on by default, but Barker delves further into Wireshark's features to uncover the "Detect ARP request storms" function.

pfSenseConfigure pfSense as an SMB-caliber firewall In this SearchSecurity.com screencast, Keith Barker, CISSP and trainer for CBT Nuggets, provides a brief tutorial of pfSense, a free, open source firewall based on FreeBSD. Barker walks viewers through a configuration of pfSense and shows how to use its main features, including stateful packet filtering.

Broken Web AppsHow to use OWASP Broken Web Apps to prevent vulnerabilities In this video demo, learn how to use the OWASP Broken Web Apps project, which allows would-be pen testers to attack applications that are intentionally insecure in order to help them hone their skills at securing their own apps.

eEye RetinaHow to use the free eEye Retina scanner community edition Looking for a tool that can scan dozens of network ports and, when it's done, create color-coded reports for executives with its findings, all for free? In this screencast, Peter Giannoulis of The Academy Pro explains how to use the free community edition of the eEye Retina scanner.

Angry IPFree port scan: How to use Angry IP scanner This month, Peter Giannoulis from TheAcademyPro.com shows how to use the Angry IP scanner for a thorough, free port scan that gathers MAC address, port, hostname and NetBIOS information.

NetsparkerNetsparker: Free Web app security testing tool Learn how to use the community version of Netsparker: A Web app testing tool that scans and tests for vulnerabilities such as SQL injection and cross-site scripting. And the best part? The community version is entirely free.

hpingHow to use hping to craft packets In this month's screencast, Peter Giannoulis of TheAcademyPro.com explains how to use the hping command-line tool to craft packets for numerous security scenarios in Windows, Mac, Linux and Unix OSes.

TrueCryptHow to use TrueCrypt for disk encryption In this month's screencast, Peter Giannoulis of TheAcademyPro.com details how to not only use Truecrypt to create an encrypted drive on a Windows PC, but he also explains how to create a hidden drive within a drive as an additional data protection measure.

VistumblerFind rogue wireless access points with Vistumbler The wireless detection tool Vistumbler is a lot like Netstumbler, except it supports Windows Vista and Windows 7. In this demo, learn how to use the tool to find rogue wireless access points on your network. Peter Giannoulis also reveals how to export access point GPS locations to Google Earth.

OpenVASHow to launch an OpenVAS scan Watch Peter Giannoulis as he demonstrates OpenVAS, an open vulnerability assessment system. OpenVAS is a free network secuity scanning tool, much like Nessus. In his presentation, Peter explores the tool's set of NVTs, or network vulnerability tests, that will detect security problems in remote systems and applications.

BackTrack 4BackTrack 4 offers full pack of penetration testing tools This month, Peter Giannoulis provides a demo of BackTrack 4, the final version of the venerable pen-testing live Linux-based CD distribution. The penetration testing tools are installed and ready to go, and they can save you valuable time. Watch as Giannoulis samples the many testing features and demonstrates how to get BackTrack 4 up and running in a virtualized environment.

SmoothwallSmoothwall offers firewall defense in lean times You may think that Linux distributions are only for the highly trained IT professional, but Smoothwall, in fact, requires no knowledge of Linux whatsoever. Peter Giannoulis, in his latest screencast, shows you the features of the open source firewall and how to install it in a VMware image.

Rootkit HunterRootkit Hunter demo: Detect and remove Linux rootkit Peter Giannoulis looks at a a free, Linux-based malware detection tool and rootkit scanner: Rootkit Hunter. The tool, which scans for backdoors and local exploits, can also detect behavior that may not be easily caught by AV, including default files and hidden files used by rootkits.

SamuraiSamurai offers pen-testing nirvana In this screencast, Peter Giannoulis reviews the Samurai Web testing framework, a collection of the best Web penetration testing tools put together on a a live Linux CD. If you're a pen tester, or if you perform vulnerabilitiy assessments, you don't have to build all of these tools on your own dedicated operating system.

MaltegoMaltego demo: Identifying a website's trust relationships Learn how the Maltego tool can be most effectively used during the information-gathering phase of a penetration test. In this on-screen demo, Peter Giannoulis reveals some of the trust relationships of SearchSecurity.com itself.

Cain and AbelRecovering lost passwords with Cain & Abel Brute-forcing Windows passwords is easier than you think. Peter Giannoulis explains how the Cain and Abel tool can be used to recover your precious credentials.

Network MinerHow to gather host-level data with Network Miner One particular open source network sniffer hasn't received the attention that it deserves, at least according to Peter Giannoulis. Watch as Peter demonstrates how to use Network Miner, a free, Windows-based tool, to identify ports, protocols, operating systems and other services.

MetagoofilCollecting metadata with Metagoofil Metagoofil, a free tool, provides users with the ability to extract hidden metadata from public documents, including Word docs, PowerPoints and PDFs. Learn how penetration testers can use this tool to analyze a network and assess the security of a website or Web server.

NipperHow to use Nipper to create network security reports Nipper, a free and open source network infrastructure parser, can do more than make your config look pretty. Learn how the tool can produce security audit reports on your network devices. Peter Giannoulis demonstrates how to review your network topology and see where you can enhance it.

WiktoHow to use Wikto for Web server assessment Penetration testers who are looking for flaws in their Internet-facing Web servers can use the freely available Wikto. See for yourself what kinds of information that Wikto can gather about a specific website -- including its good and bad directories -- and which plug-ins will allow you to get the most out of the free tool.

WiresharkCatching network traffic with Wireshark Wireshark, a favorite network protocol analyzer, has plenty of forensic capabilities. See the kinds of traffic that the free tool can catch, including files from tcpdump, Microsoft Network Monitor, Sniffer Pro -- and even recorded VoIP calls.

WinHexRecovering lost data with WinHex WinHex performs forensics and also specializes in low-level data processing, drive imaging and file or program analysis. It can even prevent security leaks because of its ability to destroy or wipe data securely. Watch Peter Giannoulis as he reviews one of the Winhex's main functions: its ability to find and return deleted folders and lost data.

OSSTMMAn introduction to the Open Source Security Testing Methodology Manual The Open Source Security Testing Methodology Manual (OSSTMM) allows you to perform many security tests on your firewalls, intrusion detection systems, passwords and much more. Watch Peter Giannoulis as he introduces the manual and demonstrates how it can be used to defend machines from a brute-force dictionary attack. Learn which parts of a security architecture need to be tested and how to properly measure your results.

MetasploitPenetration testing with Metasploit Metasploit allows hackers and security professionals alike to examine how well a given system can handle known exploits and payloads. Expert Peter Giannoulis demonstrates how the freely available tool can be used to test commercial and custom-made applications, servers and operating systems. In his presentation, Giannoulis shows how one unfortunate Windows user's machine can be easily taken advantage of.

NessusFinding vulnerabilities with Nessus Nessus is the granddaddy of all information security tools. While no longer an open source tool, it still exists as freeware and is actively supported with new signatures. In this screencast, Peter Giannoulis of Bones Consulting demonstrates how enterprises can use Nessus to assess vulnerabilities and help protect critical systems and networks.

Network Security ToolkitOpening up the Network Security Toolkit Built upon Insecure.org's "100 Best Tools," the Network Security Toolkit is improving the jobs of information security professionals everywhere. Tom Bowers, managing director of security think tank and industry analyst firm Security Constructs, uses this latest screencast to explore the collection of networking and security gear. Bowers reviews the basics of the browser-based security toolbox, including proper configurations and tool selection.

SnortSnort -- Tactics for basic network analysis Snort is a robust tool that can be used in a number of ways to assess the security posture of a network, but it takes time to learn, and it can be tricky to obtain all the data that Snort can provide. SearchSecurity.com contributor Tom Bowers provides a demo for those using the tool for the first time. Bowers offers a brief introduction and history of Snort and explains what the IDS can do for information security pros.

Google hackingGoogle hacking, infosec style Search engines and related tools are not only handy when it comes to finding information on the Web, but they can also help security professionals ensure an organization's intellectual property doesn't slip off the network and into the public domain. Tom Bowers demonstrates how a few basic "Google hacking" methods can offer fascinating competitive intelligence for your enterprise. .

UTMHow to configure a UTM device Unified threat management technologies provide protection against various network attacks, but properly configuring UTM boxes can be a whole other battle. In this exclusive screencast, expert David Strom gives an easy-to-follow, on-screen demonstration of the configuration options available in SonicWall's unified threat management product. In simple steps, Strom explains how to set up a SonicWall box, interpret its alerts and adjust security policies accordingly to ensure that a network has optimum protection.

E-Zine

0 comments

E-Mail

Username / Password

Password

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy